Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Sigmanly_b...c0.dll

windows7-x64

10

Sigmanly_b...c0.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/12/2024, 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0.dll

  • Size

    30.5MB

  • MD5

    458c377c22340ea17a942ab200c063ae

  • SHA1

    5c69e074616448b725250b7181102318f986239b

  • SHA256

    bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0

  • SHA512

    82105cc7477b4cf208067324358ff6fb5c4a80da881eb7dfcd74551fc5d5cb757f02b1a6ed5da0c3b79770d7c1a195cb65473df04272b405e6dc4a32ae32a7f0

  • SSDEEP

    393216:NpjeWRbosw2LgMubfSEh8XASixsd2mz5KP6AGP5U7dKgw:NteilDE3bKwSIsd2m+5vdKR

Score
10/10
grandoreirobankerdiscoverytrojan

Malware Config

Signatures

  • Detects Grandoreiro payload 5 IoCs
  • Grandoreiro

    Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.

    trojanbankergrandoreiro
  • Grandoreiro family
    grandoreiro
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3208
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Sigmanly_bdd775603c502c44f8fcb4ba3edcde48a6c6b188f20cc76b9b662cc6c7a284c0.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:4048

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4048-1-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download

  • memory/4048-2-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download

  • memory/4048-4-0x0000000001020000-0x0000000001021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-3-0x0000000000F80000-0x0000000000F81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-10-0x0000000003A4B000-0x00000000045F7000-memory.dmp

    Filesize

    11.7MB

    Download

  • memory/4048-8-0x00000000010A0000-0x00000000010A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-9-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download

  • memory/4048-7-0x0000000001080000-0x0000000001081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-6-0x0000000001070000-0x0000000001071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-5-0x0000000001030000-0x0000000001031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4048-11-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download

  • memory/4048-12-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download

  • memory/4048-13-0x00000000029D0000-0x0000000004868000-memory.dmp

    Filesize

    30.6MB

    Download